Treasury takes first swing at Networx

Security goals for TNet help drive agency's decision

By Wilson P. Dizard III

Nov 15, 2007

The Treasury Department's vital telecommunications security requirements and the need to shape its TNet telecommunications system to support the missions of its 12 bureaus played a key role in the decision to adopt AT&T's version of a Networx system for the project.

Treasury is pioneering the first implementation of the managed-services Networx contracts, but despite venturing into that new territory, department officials and their vendor counterparts appear confident the work will create a highly secure TNet system.

'The need for network security is a very high' consideration, said Michael Duffy, acting chief information officer at Treasury. 'Our missions are wide-ranging, and the bureaus handle sensitive data.'

The special security requirements of the Internal Revenue Service are an example of the challenges that Treasury and AT&T face as they begin implementation of the 10-year contract.

IRS workers routinely handle personal information of the most sensitive nature, and about 30,000 of its employees work from remote locations, so they require secure links to central IRS facilities.

Duffy said Treasury will replace several departmental telecommunication networks, which will greatly reduce the burden of maintaining the systems. 'We are going to buy bandwidth at lower cost, so that will allow us to rechannel funds to add security,' Duffy said.

On security, Don Herring, senior vice president at AT&T Government Solutions, cited the multilayer features of AT&T's Multiprotocol Label Switching network, which is thecompany's global backbone for converged voice, data and video traffic. 'MPLS has a lot of inherent security capabilities,' he said.

'The network standard [AT&T is using for TNet] provides multilayer security ' including security around the edge of the network and within the network itself ' as well as intrusion detection and other features,' Herring said. MPLS is an industry standard that AT&T has worked with other companies to develop and refine. The standard relies on IP and adds a group of security features the company refers to as the seven pillars of security:

Secure connectivity.

Perimeter security.

Intrusion management.

Identity management.

Policy management.

Monitoring and management.

Incident management.

Duffy said TNet, like all federal networks in development, is subject to an Office of Management and Budget mandate that agencies incorporate IPv6 technology, a standard widely considered to offer improved security, in addition to the ability to incorporate upgraded security.

As for the timing of the TNet implementation, Duffy said 'the schedule is still evolving.' The IRS is scheduled to complete its transition to TNet by the end of the fiscal year, he said. 'I would say we are looking at a two-year' time frame for the TNet rollout to the entire department.

TNet's designers face the challenge of providing security not only to employees working at home or while they are traveling but also for workers using wireless devices ranging from PCs to personal digital assistants.

'The mobility technologies [incorporated in TNet] are key,' Duffy said. 'A lot of the workforce travels, and now they will have the ability to replicate' their home-base access to databases and similar services.

Herring said AT&T is implementing the mobility feature via a function called Enterprise Remote Access Project. 'It is a virtual private network solution with a single sign-on,' Duffy said. 'The network uses a token to recognize the user.'

Herring said TNet's user equipment ' the PCs, PDAs and similar equipment ' could be configured to provide whatever level of user recognition, such as three-factor authentication, that might be required for access.

Three-factor authentication, recently mandated by OMB for certain equipment, calls for the use of a biometric, ID card and password to gain access to a mobile PC.